help stopping people putting scripts into form fields

Hi there, I'm making a simple site where people can add comments into a
shoutbox. Only I've had experience of people adding in HTML tags and
JavaScript to redirect people away from my site and display images etc.,
which I'm not interested in.

How do I stop this from happening? Is there a way to intercept the
form contents and kick out the
code, leaving plain text? Or changing the code so it displays the real
code using &lt; and &gt;?

many thanks
mark

Jun 3 '07 #1
mark r wrote:
> Hi there, im making a simple site where people can add comments into a
> shoutbox. only ive had experience of people adding in html tags and
> javascript to redirect people away from my site and display images etc
> which im not interested in.
>
> how do i stop this from happening? is there a way to intercept the
> form contents and kick out the
> code leaving plain text?

While difficult, it is do-able. Some regular expressions for finding HTML
tags in strings have been posted in this group in the past. A Google search
should reveal them.

> or changing the code so it displays the real
> code using &lt; and &gt; ?

Use Server.HTMLEncode in your Response.Writes

--
Microsoft MVP - ASP/ASP.NET
Please reply to the newsgroup. This email account is my spam trap so I
don't check it very often. If you must reply off-line, then remove the
"NO SPAM"
Jun 3 '07 #2
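
The `Server.HTMLEncode` suggestion above, shown in a minimal shoutbox page. This is an added example, not code from anyone in the thread. The file name `shoutbox.asp`, the form field `comment`, the `Application("shouts")` storage and the 200-character limit are assumptions made for illustration.

```asp
<%@ Language="VBScript" %>
<%
Option Explicit

Const MAX_LEN = 200   ' assumed length limit for one shout

Dim comment
comment = Trim(Request.Form("comment"))

' Collapse line breaks so one shout is always one stored line.
comment = Replace(Replace(comment, vbCr, " "), vbLf, " ")
If Len(comment) > MAX_LEN Then comment = Left(comment, MAX_LEN)

' Store the text exactly as typed; encoding happens when it is written out.
If Len(comment) > 0 Then
    Application.Lock
    Application("shouts") = comment & vbLf & Application("shouts")
    Application.UnLock
End If
%>
<html>
<body>
<form method="post" action="shoutbox.asp">
  <input type="text" name="comment" maxlength="200">
  <input type="submit" value="Shout">
</form>
<ul>
<%
Dim shout
For Each shout In Split(Application("shouts") & "", vbLf)
    If Len(shout) > 0 Then
        ' Unencoded form (what lets markup through):
        '   Response.Write "<li>" & shout & "</li>"
        ' Encoded form: < > & " become &lt; &gt; &amp; &quot;,
        ' so the browser displays the tag text instead of acting on it.
        Response.Write "<li>" & Server.HTMLEncode(shout) & "</li>" & vbCrLf
    End If
Next
%>
</ul>
</body>
</html>
```

Encoding at every `Response.Write` of user-supplied text, rather than stripping tags with a regular expression on input, keeps the stored data intact and does not depend on the pattern matching every tag form.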
On Jun 3, 2:04 pm, "Bob Barrows [MVP]" <reb01...@NOyahoo.SPAMcom> wrote:
> mark r wrote:
> > Hi there, im making a simple site where people can add comments into a
> > shoutbox. only ive had experience of people adding in html tags and
> > javascript to redirect people away from my site and display images etc
> > which im not interested in.
> > how do i stop this from happening? is there a way to intercept the
> > form contents and kick out the
> > code leaving plain text?
>
> While difficult, it is do-able. Some regular expressions for finding html
> tags in strings have posted in this group in the past. A google search
> should reveal them.
>
> > or changing the code so it displays the real
> > code using &lt; and &gt; ?
>
> Use Server.HTMLEncode in your Response.Writes
>
> --
> Microsoft MVP - ASP/ASP.NET
> Please reply to the newsgroup. This email account is my spam trap so I
> don't check it very often. If you must reply off-line, then remove the
> "NO SPAM"

Thanks for that... I've got it working :) Now onto the next feature lol

mark

Jun 3 '07 #3
